Microsoft Revokes Trust In 28 of Its Own Certificates

Trailrunner7 writes "In the wake of the Flame malware attack, which involved the use of a fraudulent Microsoft digital certificate, the software giant has reviewed its certificates, found nearly 30 that aren't as secure as the company would like, and revoked them. Microsoft also released its new updater for certificates as a critical update for Windows Vista and later versions as part of today's July Patch Tuesday. Microsoft has not said exactly what the now-untrusted certificates were used for, but company officials said there were a total of 28 certificates affected by the move. However, the company said it was confident none of them had been compromised or used maliciously. The move to revoke trust in these certificates is a direct result of the investigation into the Flame malware and how the attackers were able to forge a Microsoft certificate and then use it to impersonate a Windows Update server."

Re:Serves them right!

[X0563511]

plus SSL encryption being picked apart

Only if system administrators fail at configuration. [ssllabs.com]

Re:So when are they going to tackle the real probl

[cryptizard]

Thats the whole point of this, they replaced old certificates with new ones that don't use MD5.